我想为 Terraform 执行 MFA,因此期望从我的虚拟 MFA 设备中为每个terraform [command]. 阅读文档后:
cli-roles
terraform mfa
我创建了一个角色:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::[ACCOUNT_ID]:user/testuser"
},
"Action": "sts:AssumeRole",
"Condition": {
"Bool": {
"aws:MultiFactorAuthPresent": "true"
}
}
}
]
}
该用户默认强制使用 MFA,我为他配置了虚拟 MFA 设备。
~/.aws/凭证:
[default]
...
[terraform_role]
role_arn = arn:aws:iam::[ACCOUNT_ID]:role/terraform-test-role
source_profile = default
mfa_serial = arn:aws:iam::[ACCOUNT_ID]:mfa/testuser
在我的 Terraform 环境中,我放置了以下内容:
provider "aws" {
profile = "terraform_role"
}
但是当我运行terraform plan它时会抛出一个错误:
Error refreshing state: 1 error(s) occurred:
* provider.aws: No …